IT security not always part of cloud decision, says IDC

Cloud adoption is outstripping security concerns, says Eric Domage, programme manager for IDC in Europe.

“The main reason for this is that IT and IT security teams are not making the decision to go to cloud; these are being made at a higher level to cut costs,” he told the IDC Virtualisation and Cloud Security Conference 2011 in London.

Cloud adoption is happening in small bites of services in narrow areas of the business such as email and calendar, he said, but IT and security teams are not always involved in the decision-making process.

Although there have not yet been any security incidents involving cloud, Domage said the fact remains that there is still no end-to-end encryption capability for public cloud.

This means that until there is further technical progress, private clouds are the best bet, he said, because private clouds are very similar to virtualised environments, where security is now mature.

“Virtualised environments are safe and compliant; virtualisation security should inspire cloud adoption as the private cloud is the natural continuation of virtualisation,” said Domage.

IDC predicts that in the next two years, most of the discussion about IT cost reduction will be around private cloud implementations.

In the longer term, said Domage, businesses should be thinking about what effect cloud computing will have on internal IT departments.

Security aside, he said, IDC sees the main challenge of cloud is the implications it will have for corporate IT departments.

“If cloud service providers are able to reduce costs and IT complexity, what will IT departments look like in ten years’ time? What will their role be?,” asked Domage.